Moneycontrol PRO
Open App
you are here: HomeNewsTechnology

Remote work, Data Protection and Compliance during the COVID-19 crisis

While many organisations have long been exploring the possibilities offered by remote work, few have allowed all their employees to work from home at the same time for extended periods of time.

March 26, 2020 / 02:54 PM IST
(Representative Image)

(Representative Image)

Filip Cotfas

With the COVID-19 virus now officially declared a pandemic by the World Health Organisation, companies around the world have encouraged their employees to work from home to protect their health and support government measures aimed to curb the spread of the virus. However, while many organisations have long been exploring the possibilities offered by remote work, few have allowed all their employees to work from home at the same time for extended periods of time.

The new reality imposed by the current health crisis means many companies’ entire workforce will be working remotely under lockdown measures for weeks, with the possibility that the situation will extend months further into spring and early summer.

Some organisations have been more prepared than others for this eventuality and have long had emergency and business continuity plans in place. Many others though, have hastily put together a work from home plan which, while meant to ensure that employees can continue to perform their duties for the duration of the crisis, often fail to consider two vital points: data protection and the risk of noncompliance with data protection legislation.

Protecting data while working remotely


COVID-19 Vaccine

Frequently Asked Questions

View more
How does a vaccine work?

A vaccine works by mimicking a natural infection. A vaccine not only induces immune response to protect people from any future COVID-19 infection, but also helps quickly build herd immunity to put an end to the pandemic. Herd immunity occurs when a sufficient percentage of a population becomes immune to a disease, making the spread of disease from person to person unlikely. The good news is that SARS-CoV-2 virus has been fairly stable, which increases the viability of a vaccine.

How many types of vaccines are there?

There are broadly four types of vaccine — one, a vaccine based on the whole virus (this could be either inactivated, or an attenuated [weakened] virus vaccine); two, a non-replicating viral vector vaccine that uses a benign virus as vector that carries the antigen of SARS-CoV; three, nucleic-acid vaccines that have genetic material like DNA and RNA of antigens like spike protein given to a person, helping human cells decode genetic material and produce the vaccine; and four, protein subunit vaccine wherein the recombinant proteins of SARS-COV-2 along with an adjuvant (booster) is given as a vaccine.

What does it take to develop a vaccine of this kind?

Vaccine development is a long, complex process. Unlike drugs that are given to people with a diseased, vaccines are given to healthy people and also vulnerable sections such as children, pregnant women and the elderly. So rigorous tests are compulsory. History says that the fastest time it took to develop a vaccine is five years, but it usually takes double or sometimes triple that time.

View more

Many data protection strategies focus on company networks and are therefore restricted to office perimeters. This means that all the devices being taken out of the office for remote work will lose most of their protection and compliance policies once they are out of the workplace.

One way of ensuring data protection policies remain in place even when employees work remotely is to apply them on the endpoint, meaning that data protection software is installed directly on the devices rather than at network level. In this way, policies will stay active no matter where the devices are located. This is ideal, especially for companies that have had no time to configure a Virtual Private Network (VPN), and employees will have to use their own private WiFi networks to connect to the internet.

Encryption is also an essential part of secure remote work, ensuring that, if devices are stolen or forgotten while outside the office, anyone getting ahold of them cannot access any data on them. Many computers come with native encryption tools, and companies are strongly encouraged to request that their employees use them.

Home office compliance

Given the state of emergency, compliance has taken a back seat to considerations surrounding employees’ wellbeing and the need to continue business operations remotely. This instinct to overlook data protection as negligible in case of extreme circumstances goes against one of the fundamental principles of the new wave of data protection legislation spearheaded by the EU’s General Data Protection Regulation (GDPR): data protection by design and by default. It means that data protection is no longer an afterthought that companies can choose to incorporate in their strategies depending on a given situation, but needs to be one of the foundations of business operations.

Working remotely, especially for organisations with no solid remote work plans in place, will mean that data will become more vulnerable. Malicious outsiders are likely to take advantage of the chaos leading to an increase in external attacks. Employees, freed from the restrictive policies of company networks, may also slacken their security practices and endanger the data they take home with them.

Tools like Data Loss Prevention (DLP) solutions applied at the endpoint level can support remote compliance through their focus on special categories of data protected by data-protection legislation as opposed to the overall devices the data is stored on. By applying policies directly to sensitive data, DLP tools help companies monitor and control the transfer and use of personal information remotely, ensuring that it is not sent outside the company or uploaded to unauthorised third party services.

The author is Channel Manager at CoSoSys, developer of endpoint centric Data Loss Prevention (DLP) solutions and security software.
Invite your friends and family to sign up for MC Tech 3, our daily newsletter that breaks down the biggest tech and startup stories of the day

Moneycontrol Contributor
first published: Mar 26, 2020 02:54 pm
ISO 27001 - BSI Assurance Mark